New laptop has bitlocker - where is recovery key

I mentioned recently I'd bought an HP Pavilion Aero 13 in a clearance sale. It's a new laptop (even if probably older stock). Just doing initial set up and it says the drive has bitlocker. There is a bios update waiting that says if you do the bios update make sure you know your bitlocker recovery key. So I haven't done the bios update yet. It came with Windows 11 Home installed so why would it have bitlocker set up? And any idea where the key is? It's currently on 21H1 although it's doing Windows updates at the moment.

Hazel123 said:

I mentioned recently I'd bought an HP Pavilion Aero 13 in a clearance sale. It's a new laptop (even if probably older stock). Just doing initial set up and it says the drive has bitlocker. There is a bios update waiting that says if you do the bios update make sure you know your bitlocker recovery key. So I haven't done the bios update yet. It came with Windows 11 Home installed so why would it have bitlocker set up? And any idea where the key is? It's currently on 21H1 although it's doing Windows updates at the moment.

Click to expand...

Wait for verification, but I don't think you need to worry about that warning.
I believe it's just a generic warning when you flash the BIOS.

It reminds EVERYone, whether they use Bitlocker or not... that flashing the BIOS will affect the Bitlocker key.

You almost certainly have device encryption set up. You only get this on devices with a TPM and modern standby.

Bitlocker key is automatically stored in the TPM. You can export it I understand.

The safest option is to simply turn device encryption off before you do a bios update.

You can turn it on again afterwards.

I've had a look in settings and device encryption is turned on. There was also a link to copy the recovery key, which I've done, to an external drive. Thanks. What I'm confused about is why it has bitlocker turned on anyway - it's not Windows 11 Pro, it's Windows 11 Home.

So presumably I can just turn it off and leave it off? I don't really want or need device encryption on this laptop.

manage-bde -protectors C: -get

Hazel123 said:

So presumably I can just turn it off and leave it off?

Click to expand...

Yes, that's what I did with my new laptop last year and have had no problems with it.
Turn On or Off Device Encryption - ElevenForumTutorials
Despite a warning that decryption would take some time, I blinked & missed it.

All the best,
Denis

Sorry? I don’t understand that.

This is what it shows in settings

Try3 said:

Yes, that's what I did with my new laptop last year and have had no problems with it.
Turn On or Off Device Encryption - ElevenForumTutorials
Despite a warning that decryption would take some time, I blinked & missed it.

All the best,
Denis

Click to expand...

Thanks - I’ll do that. Now I’ll have to do my system image again with it turned off.

Is device encryption the same as bitlocker drive encryption though?

No.
Home Edition devices such as ours only have Device encryption.
You can ignore references to Bitlocker.


Denis

No it isn't. So why is bitlocker encryption, and a key for it, there, if I don't have Pro? According to this, "Device Encryption" has its own key that is uploaded to your one drive account - but I already uninstalled one drive.

Try3 said:

No.
Home Edition devices such as ours only have Device encryption.
You can ignore references to Bitlocker.


Denis

Click to expand...

Thanks - so why is there a key for bitlocker encryption available (which I have copied) if it isn’t available?

And where is the key for device encryption? If I turn it on again. If it's only in one drive then it's nowhere as I uninstalled One Drive.

Hazel123 said:

No it isn't. So why is bitlocker encryption, and a key for it, there, if I don't have Pro? According to this, "Device Encryption" has its own key that is uploaded to your one drive account - but I already uninstalled one drive.

Difference between Device Encryption and BitLocker

Microsoft offers two types of encryption on Windows, Device Encryption and BitLocker. This guide helps you know the difference between them.

www.thewindowsclub.com

Click to expand...

My understanding is that if you log into Windows using a Microsoft account, that's the account wherein the recovery key is stored (in that OneDrive).

Thanks. I logged into Microsoft account and it has a bitlocker key stored under the device details. It's a bit confusing when I do have device protection but not bitlocker protection and the key stored is for bitlocker protection. Would it be the same key for both?

Hazel123 said:

Thanks. I logged into Microsoft account and it has a bitlocker key stored under the device details. It's a bit confusing when I do have device protection but not bitlocker protection and the key stored is for bitlocker protection. Would it be the same key for both?

Click to expand...

Think of device encryption as Bitlocker "lite" it is considered the same in name as the full Bitlocker in pro. Same key as well but fewer features.

Hazel,

Turning off Device encryption needs no key.
Once you turn off Device encryption in your Windows 11 Home computer, you'll never need to worry about this subject again.


All the best,
Denis

Thanks. As long as I know it's the same key and there isn't another one somewhere Thanks Try3.

So aside from that, laptop is good. Small but a nice size as narrow but taller screen. Only thing so far is the usb slot is very tight.

Not that fast. It's Ryzen 7 - it's not as fast as Core i7 and seems about the same as my Core i5 laptop. But it does the job.

Hazel123 said:

I've had a look in settings and device encryption is turned on. There was also a link to copy the recovery key, which I've done, to an external drive. Thanks. What I'm confused about is why it has bitlocker turned on anyway - it's not Windows 11 Pro, it's Windows 11 Home.

So presumably I can just turn it off and leave it off? I don't really want or need device encryption on this laptop.

Click to expand...

This is default for most major oem laptops with W11 Home with tpm and modern standby.

Turn it off and it will stay off.

The only real reason to use device encryption is if pc gets stolen, and thief cannot bypass your login passwords and removes drive to see if they can access your data on another pc.

If thief bypasses your login password, device encryption is pretty useless.

A common way of bypassing login passwords is to boot from a usb drive with software to reset password.

This can be made much harder by setting a bios password as well.